win2003 ca and domain controller certificates

I have a ca structure in place and no problems issuing certificates. By
default I see my domain controllers requesting domain controller certificates
which are stacking up in my pending request queue. What I would like is for
the domain controllers to stop issuing requests until that time I wish to
implement them. Right now I am ending up with thousands of requests each
day. It appears the DCs are continuously requesting certificates. What is
the best way to prevent this? Thanks!

S. Pidgorny

07-09-2005, 11:53 PM

Try to change Autoenrollment group policy on the Domain Controllers OU - see
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx#EKAA

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"paulcerv" <paulcerv@discussions.microsoft.com> wrote in message
news:5DC288F6-8567-49E3-BA3A-D7BEE7C35631@microsoft.com...
> I have a ca structure in place and no problems issuing certificates. By
> default I see my domain controllers requesting domain controller
certificates
> which are stacking up in my pending request queue. What I would like is
for
> the domain controllers to stop issuing requests until that time I wish to
> implement them. Right now I am ending up with thousands of requests each
> day. It appears the DCs are continuously requesting certificates. What
is
> the best way to prevent this? Thanks!
>
>

paulcerv

07-09-2005, 11:53 PM

Right, I did this but didn't look closely enough. Indeed the Win2003 servers
are no longer sending requests. My problem is the Win2000 servers are still
requesting certificates. Is there a setting that can be applied that will
keep them from requesting certificates. Thanks in advance!

"S. Pidgorny <MVP>" wrote:

> Try to change Autoenrollment group policy on the Domain Controllers OU - see
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx#EKAA
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
>
> "paulcerv" <paulcerv@discussions.microsoft.com> wrote in message
> news:5DC288F6-8567-49E3-BA3A-D7BEE7C35631@microsoft.com...
> > I have a ca structure in place and no problems issuing certificates. By
> > default I see my domain controllers requesting domain controller
> certificates
> > which are stacking up in my pending request queue. What I would like is
> for
> > the domain controllers to stop issuing requests until that time I wish to
> > implement them. Right now I am ending up with thousands of requests each
> > day. It appears the DCs are continuously requesting certificates. What
> is
> > the best way to prevent this? Thanks!
> >
> >
>
>
>